CWE-749 on ZAP

Dangerous JS Functions

Mon, 01 Jan 0001 00:00:00 +0000

A dangerous JS function seems to be in use that would leave the site vulnerable.

Insecure HTTP Method - CONNECT

Mon, 01 Jan 0001 00:00:00 +0000

The insecure HTTP method [CONNECT] is enabled for this resource, and is exploitable. It was found to be possible to establish a tunneled socket connection to a third party service, using this HTTP method. This would allow the service to be used as an anonymous spam relay, or as a web proxy, bypassing network restrictions. It also allows it to be used to establish a tunneled VPN, effectively extending the network perimeter to include untrusted components.

Insecure HTTP Method - DELETE

Mon, 01 Jan 0001 00:00:00 +0000

The insecure HTTP method [DELETE] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The CONNECT method can be used by a web client to create an HTTP tunnel to third party websites or services.

Insecure HTTP Method - PROPFIND

Mon, 01 Jan 0001 00:00:00 +0000

This HTTP method is a WEBDAV method: PROPFIND. If this server is not offering any WEBDAV services, these methods should not be available.

Insecure HTTP Method - PUT

Mon, 01 Jan 0001 00:00:00 +0000

The insecure HTTP method [PUT] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The CONNECT method can be used by a web client to create an HTTP tunnel to third party websites or services.

Insecure HTTP Method - PUT

Mon, 01 Jan 0001 00:00:00 +0000

This method was originally intended for file management operations. It is now most commonly used in REST services, PUT is most-often utilized for update capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource.

Insecure HTTP Method - TRACE

Mon, 01 Jan 0001 00:00:00 +0000

The insecure HTTP method [TRACE] is enabled for this resource, and is exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability.